Suffolk County proposes $36 million budget for IT department after massive cyberattack

The increased funding would make 20% of the IT department budget dedicated solely to cybersecurity efforts, county leaders said.

Rachel Yonkunas

Oct 31, 2022, 9:46 PM

Updated 781 days ago

Share:

Suffolk officials are hoping to raise IT spending by $11 million next year following a massive cyberattack.
It has been 54 days since the breach forced Suffolk County to shut down its computer network. The county is still in the process of restoring operations and this will have an impact on next year's budget.
County officials want to raise IT spending to $36 million in 2023, up from $25 million in 2022. The increased funding would make 20% of the IT department budget dedicated solely to cybersecurity efforts, county leaders said.
During a legislative meeting Monday morning, Chief Deputy County Executive Lisa Black told legislators that the money would go towards the hiring of 19 new staff members—including a chief information security officer—and more security measures to protect county systems against future cyberattacks, such as multi-factor authentication.
"As we rearchitect our systems, we're seeing this as an opportunity for us to be eligible for cyber insurance to take advantage of that," Black said.
She also said the county has already spent $4.8 million on digital forensics and recovery.
Team 12 Investigates first reported in early October that nearly $4 million had been allocated to Suffolk County's IT department for security upgrades just months before the cyber breach. Legislators now question whether those taxpayer dollars were properly spent.
"I want to know, did they spend the money? How much of it did they spend? Where did they spend it and was it put properly so that our security system was upgraded?," asked Legislator Anthony Piccirillo, who will lead a special legislative committee to investigate the cyber breach. "Obviously, some of it wasn't and we're going to find out exactly what happened."
Most county departments are still operating offline, with many services being offered in person and on paper. County officials have not said how much personal data have been compromised in the breach, citing an ongoing criminal investigation.
Meanwhile, legislators are still waiting on a report from Palo Alto Networks, the county's main vendor for firewall protection. The company is analyzing how the hackers were able to gain access to county systems.
"They have to go through every single computer and check every single intrusion point to find out who got into where, how they got in there and what firewall they got around," explained Suffolk County Presiding Officer Kevin McCaffrey.